On Sat, 2006-11-04 16:00 Paul de Vrieze wrote:
> On Saturday 04 November 2006 12:11, Joe Knall wrote:
> > can/does mounting a partition with noexec, ro etc. provide
> > additional security or are those limitations easy to circumvent?
> > Example: webserver running chrooted
> > all libs and executables (apache, lib, usr ...) on read only
> > mounted partition /srv/www, data dirs (logs, htdocs ...) on
> > partition /srv/www/data mounted with noexec (but rw of course), no
> > cgi needed.
> > Server is started with "chroot /srv/www /apache/bin/httpd -k
> > start".
> Besides this, you must also add nodev to prevent those kinds of
correct, it's atually like this
/srv/www type ext3 (ro,nosuid,nodev,acl,user_xattr)
/srv/www/data type ext3 (rw,noexec,nosuid,acl,user_xattr)
but I need a /dev, currently data/dev with null and urandom there,
writeable and not nodev (could as well be a separate partition).
Do you think this turns all the rest in vain?
email@example.com mailing list